As remote access to confidential data and secure systems has become increasingly common, there has been corresponding need for secure authentication before permitting access to the confidential data. Biometrics is one type of authentication that is accurate and thought to be secure. Biometrics uniquely associates physiological or behavioral characteristics with an individual. Examples include fingerprints, iris recognition, palm prints and DNA. Biometric authentications have an advantage over password based authentications that a user does not need to remember a password, or worry about losing an access card.
In recent years technology implementing fingerprint scanning has become cheap and accurate. Additionally, fingerprints in particular are a convenient type of authentication because people usually have their fingers available and accessible. However, despite the attractiveness of fingerprint scanning, there are some disadvantages.
Fingerprints may be damaged and some do not have fingers or fingerprints. Another problem is that in using their hands and fingers throughout the day, people leave fingerprints on many objects in many different places. Thus, fingerprints are not inherently private.
For example, a fingerprint scanner has been fooled by latex fingers that were molded to produce a copy of a fingerprint. Some fingerprint scanners have been fooled to authenticate fingerprints that were lifted from surfaces using laser printer toner and then reproduced on a copy machine.
Additionally, biometrics in general have a disadvantage that they are static. Once a unique biometric characteristic has been compromised, the biometric characteristic cannot be easily changed. For example, if a fingerprint is stolen or fraudulently obtained, it would be difficult, and perhaps impossible for the user to replace or change the stolen fingerprint.
In contrast, if access to confidential data or a secure system is protected by a password, if the password has been compromised, a user may easily change the password. Furthermore, a user may mitigate the risk of password disclosure by using different passwords for different applications. However, regarding fingerprints a typical user only has ten.
It would be desirable to provide an authentication that would have the advantages of using fingerprints as a biometric authentication, but at the same time limit the disadvantages of using fingerprints.